Event ID - 1041

Port No1041
Service NameREMOTENC
RFC Doc0
ProtocolTCP
DescriptionThis non-memory resident backdoor client program enables a remote attacker to access a target system. However, in order for this backdoor to fully carry out its malicious intents, a server component must be installed in the target system. It runs only in DOS mode and works in Windows 95, 98, NT, ME, XP and 2000
Reference LinkREMOTENC
AttackSolutions:

Scan your system with Trend Micro antivirus and delete all files detected as BKDR_REMOTENC.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner

Details:

This backdoor client program is a remote access tool which allows an attacker to execute commands in the compromised system. However, it cannot fully carry out the intended backdoor routines if a corresponding server component is not installed in the target system.
The following elements are also required:

The attacker must know the service name of the command to launch.
The attacker must also have a username and password in order to access the remote system.
The malware body contains these strings:

RemoteNC Beta 3, Written by Assassin 2001
http://www.neeyes.com http://www.netXeyes.org

It runs in DOS mode.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.